Ad hoc network security relies mainly on defence mechanisms at each mobile node due to the lack of infrastructure. For this reason, various intrusion detection techniques have been proposed for ad hoc networks. Developing Intrusion Detection Systems (IDS) for individual nodes in an ad hoc network is challenging for a number of reasons, including resource constraints at each node and the difficulty of locating the attack source for prompt response. In this paper, we propose a hybrid data mining anomaly detection technique for node-based IDS. Specifically, we incorporate two data mining techniques, association-rule mining and cross-feature mining, to characterise the normal behaviour of mobile nodes and detect anomalies by finding deviations from the norm. The advantage of our hybrid approach is that association-rule mining and cross-feature mining usually complement each other in time scale and in sensitivity to different attack types. We investigate features of interest from both the medium access control (MAC) layer and the network layer. Our intention in using the MAC layer features is to localise the attack source within a one-hop perimeter. To preserve the precious energy of mobile nodes, we propose two compact feature sets, a direct feature set and a statistical feature set, that target short-term and long-term profiling of normal node behaviour, respectively. Considering the characteristics of the audit data collected with the different feature sets, we apply association-rule mining to the short-term profiling and cross-feature mining to the long-term profiling. We validate our work through ns-2 simulation experiments. Experimental results show the effectiveness of our method.